| Name | Status | Filename | Description |
|---|
| Microsoft Config (mscfg) | X | dczznet.exe | Added by the W32/Rbot-ARK
WORM! Note: This is not the legitimate Windows process Msconfig.exe (Which is found in the System or System32 folder.) This worm\trojan file is found in the Windows or Winnt folder.
Read the link, rootkit type stealth involved. |
| Microsoft Corporation | X | systemi32.exe | Variant of the W32.SPYBOT WORM |
| Microsoft Corporation | X | utorrent.exe | Added by a variant of the Backdoor.Win32.Bifrose.la TROJAN! Note: This trojan is located in C:\%WINDIR%\System32\ (XP/WinNT/2K) |
| Microsoft Corporation (Windows Wordpad) | X | wordpad.exe | Added by the W32/Tilebot-GL WORM! Note: This worm\trojan is located in C:\%WINDIR%\ This is not Microsoft's wordpad.exe. To make sure check the properties of the file. |
| Microsoft Coyshader Runtime | X | serv32.exe | Added by the W32/Rbot-GHJ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ Install a rookit. rdriv.sys run a rootkit removal tool |
| Microsoft Coyshader Runtime | X | service.exe | Added by the W32/Rbot-GHJ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ Install a rookit. rdriv.sys run a rootkit removal tool |
| Microsoft CTF Loader | L | ctfmon.exe | CTF Loader
|
| Microsoft DHCPA Service | X | mshcp.exe | Added by the W32/Rbot-FNA WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Digital Identity Service (InfoCard Service) | L | infocard.exe | Related to Microsoft_NET_Framework .NET Framework is a development and execution environment that allows different programming languages & libraries to work together seamlessly to create Windows-based applications. |
| Microsoft Dir32 | X | Dirhost.com | W32/IRCBot-YC
Note:Located in C:\Windows\System\dllcache (Win9x/Me), C:\%WINDIR%\System32\dllcache (XP/WinNT/2K)
Steals information, allows remote access, read the link |
| Microsoft Display Service | X | msds.exe | Troj/Spybot-NZ
Note: Note:Located in C:\Windows\System\dllcache (Win9x/Me), C:\%WINDIR%\System32\dllcache (XP/WinNT/2K)
Allows others to access the computer |
| Microsoft Distributed Transaction (MSDT) | X | msdt.exe | Added by the W32/Tilebot-BQ
WORM!
Note: This worm\trojan file is found in the Windows or Winnt folder.
|
| Microsoft DLL System | X | smsc.exe | Added by the W32/Tilebot-FY WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft Genuine Advantage | X | winmga.exe | Reported as Backdoor.Win32.VanBot.dk
Note: Located in \%WINDIR%\system32\dllcache (XP/WinNT/2K) |
| Microsoft Genuine Update Advantage | X | mswan.exe | Identified as a variant of the Backdoor.Win32.VanBot.dk worm. Note: Located in \%WINDIR%\System32\dllcache\ |
| Microsoft HDA Protocol (svhda) | X | svhda.exe | aDEED BY THE Backdoor.Win32.IRCBot.rr as detected by Kaspersky TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Microsoft IE | X | IEXPLORE.EXE | Added by the W32/Forbot-AG WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Note: This is not the legitimate Windows Process. (Which is found in the C:\Program Files\Internet Explorer\ folder.) This worm\trojan file is found in the C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 |
| Microsoft IIS helper | X | msiishlp.exe | Added by the Backdoor.Isen.Rootkit
TROJAN!
Read the link, rootkit type stealth involved.
|
| Microsoft Inet Service | X | _svchost.exe | Added by the Troj/Dwnldr-GYS Trojan! Note: Located in \%WINDIR%\System32\ This infection should not be confused with the legitimate \%WINDIR%\System32\svchost.exe file. |
| Microsoft information dll service (msidll) | X | msidll.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here |
| Microsoft Internet Explorer | X | iexplore.exe | W32/Tilebot-JS Read the link, allows remote access |
Microsoft Internet Information Services kernel mode
driver | X | msiisdrv.exe | Added by the Backdoor.Isen.Rootkit
TROJAN!
Read the link, rootkit type stealth involved.
|
| Microsoft Java Service (Windows Java Service) | X | jusched.exe | Added by an unidentified TROJAN! Note: This trojan is located in C:\%WINDIR%\ |
| Microsoft Language Service (Windows Language Service) | X | alg.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder |
| Microsoft Loading Service | X | files.exe | Added by a variant of the IRCBOT Note: Located in \%WINDIR%\ Note: Use SDFix under supervision. |
| Microsoft Loading Service | X | loader.exe | Added by a variant of the IRCBOT Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| Microsoft Loading Service | X | msdates.exe | Added by a variant of the IRCBOT Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| Microsoft Logitech WLAN | X | mslw.exe | Added by a variant of the Win32/IRCBot.UG Note: Located in \%WINDIR%\System32\dllcache Note: Use SDFix under supervision. |
| Microsoft Logon Service | X | mslogon.exe | Added by the W32.Woredbot.C TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Logon User Interface Skining (LogonUInterf) | X | logonui.exe | Detected by Ewido as Backdoor.SdBot.aad. This worm file is found in the Windows or Winnt folder.
|
| Microsoft Main Window Service | X | mainwin32.exe | Added by the W32/Spybot-MR WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection |
| Microsoft Media | X | rtsecas.exe | W32/Rbot-KPH Read the link, allows remote access |
| Microsoft Media | X | Rtsecar.exe | W32/Vanebot-AX Read the link, allows remote access |
| MicroSoft Media Tools | X | MSMEDIA.EXE | Added by the SDBOT.CUH
WORM!
Note: This worm file is found in the System32 folder. (NT/2000/XP)
Read the link, rootkit type stealth involved.
|
| MicroSoft Media Tools (MicroSoft Media Tools) | X | MSmedia.exe | Added by the W32/Tilebot-BC
WORM!
Note: This worm\trojan file is found in the Windows or Winnt folder.
Read the link, rootkit type stealth involved. |
| Microsoft MSI Service | X | msi.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Name Server | X | nssrv.exe | W32/Tilebot-EK Read the link, allows remote access |
| Microsoft Net API (NETAPI) | X | msapi.exe | Added by the W32/Tilebot-HJ WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft NetWork FireWall Services | X | Net_Services.exe | http://www.sophos.com/virusinfo/analyses/w32lovgateaa.html |
| Microsoft NetWork FireWall Services | X | NetServices.exe | http://www.sophos.com/virusinfo/analyses/w32lovgateaa.html |
| Microsoft Network RPC | X | msnetrpc.exe | Related to the Troj/Isen-B |
| Microsoft Networks DN (msndn) | X | msndn.exe | Added by the Backdoor.SdBot.AQZ, A.K.A. Ircbot_Gen
WORM! Allows a remote intruder to gain access and control over the computer. |
| Microsoft New Game 2 (svehost32) | X | svehost32.exe | Added by the W32/Tilebot-I
TROJAN!
Read the link, rootkit type stealth involved.
|
| Microsoft Null Development Monitor (msdevnull) | X | msdevnull.exe | Added by the W32/Rbot-AGE
Worm!
Read the link, rootkit type stealth involved.
|
| Microsoft Passport Network CyberShots | X | cybershots.exe | Added by the W32/Spybot-ND WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection Firewall (ICF). |
| Microsoft Path Finder Service (MSpath) | X | mspath.exe | Added by the W32/Sdbot-AEO
WORM!
Note: This worm\trojan file is found in the Windows or Winnt folder.
|
| Microsoft Path Finder Service (mspathfinder) | X | mspathfinder | Added by the W32/Tilebot-AH WORM! Rootkit Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) | X | wmiapsv.exe | Added by the Backdoor.Win32.SdBot.aad TROJAN! Reported by Kaspersky More Note: This worm\trojan is located in C:\%WINDIR%\ |
| Microsoft Print Spooler (WINDRIVER) | X | scvhost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft proxysys (proxysys) | X | proxysys.exe | W32/Tilebot-JC Read the link, allows remote access |
